
Transcript: Welcome to this CCDA lab where we’ll be discussing the access and distribution layer design options. In this second part of the lab, we’ll consider a set of ways VLANs are fully contained on access layer switches – so basically there is no spanning of VLANs. So even though STP and first hop redundancy protocols will still be used, STP does not block uplinks in this particular scenario.

Now this lab is very similar to the one we had before, except that in this case, we have VLAN 10, VLAN 20 on this switch, and we have VLAN 10 and VLAN 30 and VLAN 40 on this switch. So there’s no spanning of VLANs across access layer switches. So if we were to check this for example and I do show VLAN brief. So we have VLAN 10 and VLAN 20 right. But for this guy, we come to the CLI. Let’s just expand this. Show VLAN brief. I have 30 and 40. So there’s no spanning of VLANs between the switches.

Now the configuration on the distribution layer switches is kinda similar as the one that we had before. What you note is a couple of things. Of course now we even have more SVIs. Say if I do a show run. Let’s come here. So we have up to VLAN 40, right? So as you can see, it gets more complex. So VLAN 10, VLAN 20, VLAN 30, and VLAN 40. Now you notice that I’m still balancing between the distribution layer switches, so for VLAN 10 and 30, this guy has a higher priority. But for 20 and 40, it has a lower priority. So the same way if I’m doing this for the STP root, I also have to do it for my HSRP. So you notice here for VLAN 10, it has a higher priority and also on VLAN 30, right?

Alright say if we come here, you notice that, let’s see, enable show run. So for 20 and 40 this guy has a higher priority and it also has a higher priority for the HSRP for 20 and 40. Now there’s another sort of difference. Say one’s spanning VLANs, this link between the distribution layer switches doesn’t have to be layer two. So you’ll dub it one zero one. It doesn’t have to be layer two. We can move it to layer three. So if we check here. So right now there’s an IP address on it. No switchport, there’s an IP address on it. So it doesn’t have to be layer two anymore. Right.

Now if we look at show spanning-tree. So let’s check for VLAN 10. You can see that this bridge is root, right? And for VLAN 20, the other guy is root. For VLAN 30, this bridge is root. And for VLAN 40, the other guy is root. Right? And we can also check show standby brief. So, this guy is active for 10 and 30, right? And you notice that it is something similar on this guy. So show spanning-tree VLAN 10. The other guy is active here but this guy will be active or will be root for 20 and it would also be the STP root for 40. Right?

And then to check for show standby brief, let’s just increase this here just a bit, okay. So we have 20 and 40 as active, right? Good. Now what it does on the access layer switches is there are no interfaces in the blocking link anymore. So if I come here. If I check show spanning-tree for VLAN 10. As you can see everything is in the forwarding state. Right? There’s no one that is blocked. If I checked for VLAN 20, everything is in the forwarding state. Right? And the same thing here, if I were to check spanning-tree for VLAN 30, everything forwarding state. For VLAN 40, everything is in the forwarding state, right?

So you don’t have any blocked links. Stage one spanning VLANs across the access layer switches. So if I come to this guy now. If I come to Desktop. If I want to ping 8.8.8. Right? So the first reply came but then remember it doesn’t have up, anyways. So it’s working now. Alright. Okay. One thing we should do. Let’s do the simulation again. We are only filtering ICMP. So I’ll come back to this guy. And ping 8.8.8. See it has generated the packets. I’ll say capture forward. Now when it gets here, notice what happens if I say capture forward. Can you see that it sends the packets both to distribution switch one and distribution switch two. Right. So I’m using both links, since no link is blocking that means we have more bandwidth in this particular lab set of non spanning VLANs. That’s the important difference.

In a case like this, we should not actually be using HSRP on a distribution layer switches. We actually should be using something like Gateway Load Balancing Protocol. Unfortunately, Packet Tracer doesn’t support that, right? So if we are using GLBP, we will be able to maximize bandwidth like truly truly. You can achieve the same thing with HSRP by configuring a few things but not in the same way that GLBP can handle it mittently. Right.

Okay, so now let’s simulate a failure. So for example if I look here. This guy for VLAN 10 is using this guy, right? So let’s simulate a failure here. Let’s say this guy goes down. Would this guy still be able to get on the network? That’s the whole point of having two distribution layer switches. So let’s come here. I’m going to come to the physical and I’m just going to remove the parcel play. So now it has gone down. Yeah. And now the network is trying to reconverge. Thankfully [inaudible 00:06:25] interrupted span entry so everything goes pretty fast.

So if I were to ping 8.8.8 again, as you can see I still have reply. That means it’s now going through this link. Right? And you’ll notice that this guy has become active for HSRP group 10 and group 30. And if I were to check the VLAN 10 and 30 also, it would be root, right? Cool. So when this guy comes back, everything should go back to normal. So let’s put this here. And we’ll just wait for that to start up. Alright, so we have it there. Okay. So let’s come to the CLI. So as you can see it has become active for 30 and 10. Right? Let’s make sure that STP is fine. Show spanning-tree VLAN 10. Yep, so this bridge is root. Yep. And we can see that everything goes back to normal. So in this kind of network, you have redundancy. Even if this guy fails, then you have redundancy. Of course if your access layer switch should fail, if these guys are not connected to another access layer switch then everybody goes down. Yeah. So you don’t actually have redundancy at this layer. Right? You only have redundancy, kind of, at this layer.

In some cases if you have several servers, in most cases you would be connected to maybe two different switches or something like that. But for your end users you only just connect them to one access layer switch. Alright so just to review what we have said. Stage one of spanning VLANs between the access layer switches, this link first of all, can be layer three, right? And there’s no blocking link, STP doesn’t block any uplinks to the distribution layer switches, right. Cool.
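The distribution-layer pattern the transcript walks through (STP root and HSRP active aligned per VLAN, with a routed link between the two distribution switches), as an added example that is not taken from the lab's downloadable config files. The IP addresses, interface name and exact priority values are assumptions; the VLAN numbers and HSRP group numbers follow the transcript.

```cisco
! Added illustration, not the lab's own configuration.
! Assumed: addressing, interface name, priority values.
! Distribution switch 1: preferred for VLANs 10 and 30, backup for 20 and 40.
!
! STP: the lower numeric bridge priority wins the root election,
! so the "preferred" VLANs get the smaller value here.
spanning-tree vlan 10,30 priority 24576
spanning-tree vlan 20,40 priority 28672
!
! HSRP: the higher priority wins the active role. Keep it aligned
! with the STP root for the same VLAN.
interface Vlan10
 ip address 10.0.10.2 255.255.255.0
 standby 10 ip 10.0.10.1
 standby 10 priority 110
 ! preempt (assumed) lets this switch take the active role back after it recovers
 standby 10 preempt
!
interface Vlan20
 ip address 10.0.20.2 255.255.255.0
 standby 20 ip 10.0.20.1
 standby 20 priority 90
 standby 20 preempt
!
interface Vlan30
 ip address 10.0.30.2 255.255.255.0
 standby 30 ip 10.0.30.1
 standby 30 priority 110
 standby 30 preempt
!
interface Vlan40
 ip address 10.0.40.2 255.255.255.0
 standby 40 ip 10.0.40.1
 standby 40 priority 90
 standby 40 preempt
!
! Link to distribution switch 2: routed (layer three), not a trunk,
! because no VLAN spans the access switches.
interface GigabitEthernet0/1
 no switchport
 ip address 10.0.0.1 255.255.255.252
```

Distribution switch 2 mirrors this with the priorities swapped, so it is root and active for VLANs 20 and 40; `show spanning-tree vlan 10` and `show standby brief` on each switch confirm the alignment.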

Adeolu Owokade is a technology lover who has always been intrigued by Security. He has multiple years of experience in the design, implementation and support of network and security technologies. He's a CCIE (Security) with a new found love in writing.
